49 matches found
WordPress Elementor Website Builder plugin <= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via REST API vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin Elementor Website Builder versions <= 4.0.4...
CVE-2026-32352 WordPress Elementor Website Builder plugin <= 3.35.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS. This issue affects Elementor Website Builder: from n/a through <= 3.35.5...
CVE-2025-66135 WordPress Imager for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Imager for Elementor: from n/a through <= 2.0.4...
CVE-2025-67588 WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through <= 3.33.0...
WordPress Elementor Plugin Arbitrary File Read Vulnerability
WordPress Elementor Plugin is a visual page design plugin that allows users to create professional web pages with drag-and-drop modules and a visual editor without writing code. WordPress Elementor Plugin suffers from an arbitrary file read vulnerability that stems from the program failing to...
CVE-2025-54037 WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4...
CVE-2025-32281 WordPress DarkMySite plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite darkmysite allows Cross Site Request Forgery. This issue affects DarkMySite: from n/a through <= 1.2.8...
CVE-2024-3063
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for...
CVE-2025-32196
CVE-2025-32196: News Kit Elementor Addons (News Kit Elementor Addons) vulnerable to Stored XSS due to insufficient input handling; authenticated users (Contributor+) can exploit it. Affected versions include up to 1.3.1; patch status is Unpatched per Wordfence/related sources in connected documen...
WordPress Elementor Pro Animation Addon 1.6 Missing Authorization Exploit
import argparse import requests from bs4 import BeautifulSoup import re Exploit By Nxploit Khaled ALenazi def loginsession, url, username, password, useragent: loginurl = url + '/wp-login.php' response = session.postloginurl, verify=False, data= 'log': username, 'pwd': password, 'rememberme':...
CVE-2025-1639
The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installelementorpluginhandler function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, wi...
CVE-2024-54444 WordPress Elementor plugin <= 3.25.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS. This issue affects Elementor Website Builder: from n/a through <= 3.25.10...
CVE-2025-24595 WordPress All Embed – Elementor Addons plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins All Embed – Elementor Addons all-embed-addons-for-elementor allows Stored XSS. This issue affects All Embed – Elementor Addons: from n/a through <= 1.1.3...
CVE-2024-9058 Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget
The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output...
CVE-2024-49259 WordPress Primary Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Primary Addon for Elementor primary-addon-for-elementor allows Stored XSS. This issue affects Primary Addon for Elementor: from n/a through <= 1.5.8...
WordPress Elementor Inline SVG Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor Inline SVG; Type: Plugin; Vulnerable versions: <= 1.2.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9064; Patch priority: Low; CVSS severity: Low (5.9); PSID: 46f705204dc3; Credits: Francesco Carlucci...
CVE-2024-47366
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.6...
WordPress Elementor Addon Elements Plugin <= 1.13.6 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor Addon Elements; Type: Plugin; Vulnerable versions: <= 1.13.6; Fixed in: 1.13.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-47366; Patch priority: Low; CVSS severity: Low (6.5); Developer: WPVibes; PSID: e5b93a793554; Credits: João Pedro S Alcântara Kinorth...
WordPress Elementor Website Builder Plugin <= 3.23.4 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: <= 3.23.4; Fixed in: 3.24.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5416; Patch priority: Low; CVSS severity: Low (6.5); Developer: Elementor; PSID: 8f473cdb82fd; Credits: wesley wcraft...